Riad S. Wahby, Max Howald, Siddharth Garg, Abhi Shelat, and Michael Walfish
A manufacturer of custom hardware (ASICs) can undermine the intended execution of that hardware; high-assurance execution thus requires controlling the manufacturing chain. However, a trusted platform might be orders of magnitude worse in performance or price than an advanced, untrusted platform. This paper...
Author: Emerald Knox
LAVA: Large-Scale Automated Vulnerability Addition
Brendan Dolan-Gavitt, Patrick Hulin, Engin Kirda, Tim Leek, Andrea Mambretti, William K. Robertson, Frederick Ulrich, and Ryan Whelan
Work on automating vulnerability discovery has long been hampered by a shortage of ground-truth corpora with which to evaluate tools and techniques. This lack of ground truth prevents authors and users of tools alike from being able...
Supply-Chain Security of Digital Microfluidic Biochips
Sk Subidh Ali, Mohamed Ibrahim, Jeyavijayan Rajendran, Ozgur Sinanoglu, and Krishnendu Chakrabarty
Digital microfluidic biochips (DMFBs) implement novel protocols for highly sensitive and specific biomolecular recognition. However, attackers can exploit supply-chain vulnerabilities to pirate DMFBs’ proprietary protocols or modify their results, with serious consequences for laboratory analysis, healthcare, and biotechnology innovation.
Securing pressure measurements using SensorPUFs
Jack Tang, Ramesh Karri, and Jeyavijayan Rajendran
We present a micro-electro-mechanical (MEM) relay based physical unclonable function (PUF) that is capable of sensing pressure while providing an assurance of authenticity. The unique properties of the SensorPUF arise from the pressure sensitivity of electrostatically actuated MEM relay structures.
On omitting commits and committing omissions: Preventing git metadata tampering that (re)introduces software vulnerabilities
Santiago Torres-Arias, Anil Kumar Ammula, Reza Curtmola, and Justin Cappos
Metadata manipulation attacks represent a new threat class directed against Version Control Systems, such as the popular Git. This type of attack provides inconsistent views of a repository state to different developers, and deceives them into performing unintended operations with often negative consequences.
Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software
Kurt Thomas, Juan A. Elices Crespo, Ryan Rasti, Jean-Michel Picod, Cait Phillips, Marc-André Decoste, Chris Sharp, Fabio Tirelo, Ali Tofigh, Marc-Antoine Courteau, Lucas Ballard, Robert Shield, Nav Jagpal, Moheeb Abu Rajab, Panayiotis Mavrommatis, Niels Provos, Elie Bursztein, and Damon McCoy
In this work, we explore the ecosystem of commercial pay-per-install (PPI) and the role...
Two-Party Privacy Games: How Users Perturb When Learners Preempt
Jeffrey Pawlick and Quanyan Zhu
Internet tracking technologies and wearable electronics provide a vast amount of data to machine learning algorithms. This stock of data stands to increase with the developments of the internet of things and cyber-physical systems. Clearly, these technologies promise benefits. But they also raise the risk of sensitive information disclosure. To mitigate...
You’ve Got Vulnerability: Exploring Effective Vulnerability Notifications
Frank Li, Zakir Durumeric, Jakub Czyz, Mohammad Karami, Michael Bailey, Damon McCoy, Stefan Savage, and Vern Paxson
Security researchers can send vulnerability notifications to take proactive measures in securing systems at scale. However, the factors affecting a notification’s efficacy have not been deeply explored. In this paper, we report on an extensive study of notifying...
Self-Efficacy in Cybersecurity Tasks and Its Relationship with Cybersecurity Competition and Work-Related Outcomes
Jian Ming Colin Wee, Masooda Bashir, and Nasir Memon
Research on cybersecurity competitions is still in its nascent state, and many questions remain unanswered, including how effective these competitions actually are at influencing career decisions and attracting a diverse participant base. The present research aims to address these questions through surveying a sample of ex-cybersecurity competition...